Use-After-Free Vulnerability in Logitech G920 Driving Force Racing Wheel
CVE-2026-43049

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43049?

A use-after-free vulnerability has been identified in the Logitech G920 Driving Force Racing Wheel's driver within the Linux kernel. During the initialization of force feedback functionality, if the initialization fails, the driver returns an error while the userspace interactions remain intact. This scenario may lead to the potential misuse of dangling references in userspace if the error is disregarded. The intended behavior, as designed by the author, is to issue a warning while maintaining device functionality sans the force feedback feature. It is crucial for users to be aware of this issue to mitigate risks associated with the improper handling of driver errors.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 772f99cc8d6e5d95613bce93c9624e154c1abe88

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9a793ac19eb84f44ed759c0fce80cf29bc2a2453

References

https://git.kernel.org/stable/c/772f99cc8d6e5d95613bce93c...

https://git.kernel.org/stable/c/b846fb0a73e99174f08238e08...

https://git.kernel.org/stable/c/9a793ac19eb84f44ed759c0fc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43049 Data

JSON